python写MS17-010扫描器

  1. 正文:

前言:
MS17-010早已是上一年的事情了。只不过想写一个检测脚本方便自己进行测试和用

正文:

先说思路:

    negotiate_protocol_request = binascii.unhexlify(
    "00000085ff534d4272000000001853c00000000000000000000000000000fffe00004000006200025043204e4554574f524b2050524f4752414d20312e3000024c414e4d414e312e30000257696e646f777320666f7220576f726b67726f75707320332e316100024c4d312e325830303200024c414e4d414e322e3100024e54204c4d20302e313200")
session_setup_request = binascii.unhexlify(
    "00000088ff534d4273000000001807c00000000000000000000000000000fffe000040000dff00880004110a000000000000000100000000000000d40000004b000000000000570069006e0064006f007700730020003200300030003000200032003100390035000000570069006e0064006f007700730020003200300030003000200035002e0030000000")
tree_connect_request = binascii.unhexlify(
    "00000060ff534d4275000000001807c00000000000000000000000000000fffe0008400004ff006000080001003500005c005c003100390032002e003100360038002e003100370035002e003100320038005c00490050004300240000003f3f3f3f3f00")
trans2_session_setup = binascii.unhexlify(
    "0000004eff534d4232000000001807c00000000000000000000000000008fffe000841000f0c0000000100000000000000a6d9a40000000c00420000004e0001000e000d0000000000000000000000000000")

1.先把这些payload(首先把payload进行字符化)发送到目标主机
2.然后读取返回的数据进行判断
3.验证是否存在MS17010漏洞

代码:

import socket
import binascii
import struct
import sys

user=input('IP:')
def scan():
payload0 = binascii.unhexlify ('00000085ff534d4272000000001853c00000000000000000000000000000fffe00004000006200025043204e4554574f524b2050524f4752414d20312e3000024c414e4d414e312e30000257696e646f777320666f7220576f726b67726f75707320332e316100024c4d312e325830303200024c414e4d414e322e3100024e54204c4d20302e313200')
payload1 = binascii.unhexlify('00000088ff534d4273000000001807c00000000000000000000000000000fffe000040000dff00880004110a000000000000000100000000000000d40000004b000000000000570069006e0064006f007700730020003200300030003000200032003100390035000000570069006e0064006f007700730020003200300030003000200035002e0030000000')
payload2 = binascii.unhexlify('00000060ff534d4275000000001807c00000000000000000000000000000fffe0008400004ff006000080001003500005c005c003100390032002e003100360038002e003100370035002e003100320038005c00490050004300240000003f3f3f3f3f00')
payload3 = binascii.unhexlify('0000004eff534d4232000000001807c00000000000000000000000000008fffe000841000f0c0000000100000000000000a6d9a40000000c00420000004e0001000e000d0000000000000000000000000000')

s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
s.settimeout(5)
host=user
port=445

s.connect((host,port))

print('[+]{}Ready to send'.format(host))
s.send(payload0)
s.recv(1024)

print('[+]{}Setting request'.format(host))
s.send(payload1)
session_setup_response=s.recv(1024)

user_id=session_setup_response[32:34]
print(host,'User ID=%s'%struct.unpack('<H',user_id)[0])

modified_tree_connect_request=list(payload2)
modified_tree_connect_request[32]=user_id[0]
modified_tree_connect_request[33]=user_id[1]
modified_tree_connect_request="".join('%s'%ld for ld in modified_tree_connect_request)

print('[+]{}Send connection'.format(host))
s.send(payload2)
tree_connect_response=s.recv(1024)

tree_id=tree_connect_response[28:30]
print('[+]{}'.format(host),'Tree ID=%s'%struct.unpack('<H',tree_id)[0])

modified_trans2_session_setup=list(payload3)
modified_trans2_session_setup[28]=tree_id[0]
modified_trans2_session_setup[29]=tree_id[1]
modified_trans2_session_setup[32]=user_id[0]
modified_trans2_session_setup[33]=user_id[1]
modified_trans2_session_setup="".join('{}'.format(li for li in modified_trans2_session_setup))

print('[+]{}Sending success is actually returning.'.format(host))
s.send(payload3)
final_respone=s.recv(1024)

s.close()

if final_respone[32]=="\x51":
    print('[*]existence MS17-010')
else:
    print('[-]Not existence MS17-010')

def run():
    scan()
run()

测试结果:

转载请声明来自422926799.github.io


转载请注明来源,欢迎对文章中的引用来源进行考证,欢迎指出任何有错误或不够清晰的表达。

文章标题:python写MS17-010扫描器

本文作者:九世

发布时间:2018-08-11, 15:14:58

最后更新:2019-04-19, 20:36:16

原始链接:http://422926799.github.io/posts/c68019ec.html

版权声明: "署名-非商用-相同方式共享 4.0" 转载请保留原文链接及作者。

目录